community.windows.win_firewall module – Enable or disable the Windows Firewall

Note

This module is part of the community.windows collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.windows. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.windows.win_firewall.

Synopsis

  • Enable or Disable Windows Firewall profiles.

Requirements

The below requirements are needed on the host that executes this module.

  • This module requires Windows Management Framework 5 or later.

Parameters

Parameter

Comments

inbound_action

string

added in community.windows 1.1.0

Set to allow or block inbound network traffic in the profile.

not_configured is valid when configuring a GPO.

Choices:

  • "allow"

  • "block"

  • "not_configured"

outbound_action

string

added in community.windows 1.1.0

Set to allow or block inbound network traffic in the profile.

not_configured is valid when configuring a GPO.

Choices:

  • "allow"

  • "block"

  • "not_configured"

profiles

list / elements=string

Specify one or more profiles to change.

Choices:

  • "Domain" ← (default)

  • "Private" ← (default)

  • "Public" ← (default)

Default: ["Domain", "Private", "Public"]

state

string

Set state of firewall for given profile.

Choices:

  • "disabled"

  • "enabled"

See Also

See also

community.windows.win_firewall_rule

Windows firewall automation.

Examples

- name: Enable firewall for Domain, Public and Private profiles
  community.windows.win_firewall:
    state: enabled
    profiles:
    - Domain
    - Private
    - Public
  tags: enable_firewall

- name: Disable Domain firewall
  community.windows.win_firewall:
    state: disabled
    profiles:
    - Domain
  tags: disable_firewall

- name: Enable firewall for Domain profile and block outbound connections
  community.windows.win_firewall:
    profiles: Domain
    state: enabled
    outbound_action: block
  tags: block_connection

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

enabled

boolean

Current firewall status for chosen profile (after any potential change).

Returned: always

Sample: true

profiles

string

Chosen profile.

Returned: always

Sample: "Domain"

state

list / elements=string

Desired state of the given firewall profile(s).

Returned: always

Sample: ["enabled"]

Authors

  • Michael Eaton (@michaeldeaton)